Re^2: Catalyst LDAP Authentication Not Working

by Anonymous Monk
on Oct 17, 2013 at 18:51 UTC


in reply to Re: Catalyst LDAP Authentication Not Working
in thread Catalyst LDAP Authentication Not Working

I am running Catalyst 5.90042, Perl v5.10.1, on Red Hat Enterprise Linux Server release 6.4. The configuration in Config::General format:

<Plugin::Authentication>
    <default>
        <store>
            class LDAP
            ldap_server ldap://ldap.server:3268
            binddn bind@domain
            bindpw password
            user_basedn basedn
            user_field samaccountname
            user_filter (sAMAccountName=%s))
            user_scope sub
            <user_search_options>
                dref always
            </user_search_options>
        </store>
        <credential>
            class Password
            password_type self_check
            password_field password
        </credential>
    </default>
</Plugin::Authentication>

The Controller module action

sub login : Local {
    my ( $self, $c ) = @_;

    if (    my $user     = $c->req->params->{user}
        and my $password = $c->req->params->{password} )
    {
        if ( $c->authenticate( { login => $user, password => $password, } ) ) {
            $c->response->redirect( $c->uri_for('/') );
        }
        else {
            # login incorrect
            use Data::Dumper;
            $c->response->body("Login Incorrect");
        }
    }
    else {
        # invalid form input
        $c->response->body("Form Input Invalid");
    }
}


Re^3: Catalyst LDAP Authentication Not Working
by Anonymous Monk on Oct 17, 2013 at 19:02 UTC
    As in http://perlmonks.org/?node_id=856404, I changed $c->authenticate( { login => $user to $c->authenticate( { id => $user, and it didn't help.
      Here is the packet capture
      1 0.000000 catserver -> ldapserver TCP 38760 > msft-gc [SYN] Seq=0 Win=14600 Len=0 MSS=1460 TSV=4135990048 TSER=0 WS=6
      2 0.000244 ldapserver -> catserver TCP msft-gc > 38760 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=8 TSV=338886467 TSER=4135990048
      3 0.000271 catserver -> ldapserver TCP 38760 > msft-gc [ACK] Seq=1 Ack=1 Win=14656 Len=0 TSV=4135990049 TSER=338886467
      4 0.013696 catserver -> ldapserver LDAP bindRequest(1) "apache@ads.state.mo.us" simple
      5 0.031177 ldapserver -> catserver LDAP bindResponse(1) success
      6 0.031310 catserver -> ldapserver TCP 38760 > msft-gc [ACK] Seq=45 Ack=23 Win=14656 Len=0 TSV=4135990080 TSER=338886470
      7 0.055315 catserver -> ldapserver TCP 38760 > msft-gc [FIN, ACK] Seq=45 Ack=23 Win=14656 Len=0 TSV=4135990104 TSER=338886470
      8 0.055602 ldapserver -> catserver TCP msft-gc > 38760 [ACK] Seq=23 Ack=46 Win=66560 Len=0 TSV=338886473 TSER=4135990104
      9 0.055662 ldapserver -> catserver TCP msft-gc > 38760 [RST, ACK] Seq=23 Ack=46 Win=0 Len=0
Re^3: Catalyst LDAP Authentication Not Working
by Your Mother (Canon) on Oct 17, 2013 at 19:53 UTC

    Don't know if it's the issue but (sAMAccountName=%s)) has an extra close paren. Might want to add this to the store (sorry, I like YAML better than Config::General)-

    ldap_server_options:
      timeout: 30
      onerror: warn

    I would also recommend never taking query params for login; insist on POST params. Otherwise some user might discover that she can auto-login with a URL with her credentials in the query string.

    my $user = $c->req->params->{user}
        and my $password = $c->req->params->{password}
    # Becomes...
    my $user = $c->request->body_params->{user}
        and my $password = $c->request->body_params->{password}
      Thanks. The extra parenthesis was the problem. If it was a snake, I'd be bit.
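
An added example, not code from the thread or from Catalyst: a stand-alone Perl check that an application could run at start-up to catch an unbalanced `user_filter` template like the one diagnosed above, where the capture shows a successful bind followed directly by the connection closing. The function name `filter_template_problems` and the login name `probe` are assumptions made for the illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Check a user_filter template for the %s placeholder and balanced parentheses.
# In an RFC 4515 filter string a literal paren inside a value is written as
# \28 or \29, so every bare "(" or ")" is structural and can simply be counted.
sub filter_template_problems {
    my ($template) = @_;
    my @problems;

    push @problems, 'no %s placeholder for the login name'
        unless $template =~ /%s/;
    push @problems, "filter does not start with '('"
        unless $template =~ /^\s*\(/;

    # "probe" is a constructed login name standing in for the value
    # that replaces %s when a user logs in.
    ( my $filter = $template ) =~ s/%s/probe/g;

    my ( $depth, $pos ) = ( 0, 0 );
    for my $ch ( split //, $filter ) {
        $pos++;
        if ( $ch eq '(' ) {
            $depth++;
        }
        elsif ( $ch eq ')' ) {
            if ( $depth == 0 ) {
                push @problems, "unmatched ')' at character $pos of '$filter'";
                last;
            }
            $depth--;
        }
    }
    push @problems, "$depth unclosed '('" if $depth > 0;
    return @problems;
}

# Constructed inputs: the filter from the post, the corrected filter, and a
# compound filter in which a trailing "))" is legitimate.
for my $template (
    '(sAMAccountName=%s))',
    '(sAMAccountName=%s)',
    '(&(objectClass=user)(sAMAccountName=%s))',
) {
    my @problems = filter_template_problems($template);
    printf "%-42s %s\n", $template, @problems ? join( '; ', @problems ) : 'ok';
}
```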
